FISA

  Cisco has confirmed to BleepingComputer that it is investigating recent claims that it suffered a breach after a threat actor began selling allegedly stolen data on a hacking forum. "Cisco is aware of reports that an actor is alleging to have gained access to certain Cisco-related files," a Cisco spokesperson told BleepingComputer. "We have launched an investigation to assess this claim, and our investigation is ongoing." This statement comes after a well-known threat actor named "IntelBroker" said that he and two others called "EnergyWeaponUser and "zjj" breached Cisco on October 6, 2024, and stole a large amount of developer data from the company. "Compromised data: Github projects, Gitlab Projects, SonarQube projects, Source code, hard coded credentials, Certificates, Customer SRCs, Cisco Confidential Documents, Jira tickets, API tokens, AWS Private buckets, Cisco Technology SRCs, Docker Builds, Azure Storage buckets, Private &

  Microsoft warns that ransomware threat actor Storm-0501 has recently switched tactics and now targets hybrid cloud environments, expanding its strategy to compromise all victim assets. The threat actor first emerged in 2021 as a ransomware affiliate for the Sabbath ransomware operation. Later they started to deploy file-encrypting malware from Hive, BlackCat, LockBit, and Hunters International gangs. Recently, they have been observed to deploy the Embargo ransomware. Storm-0501's recent attacks targeted hospitals, government, manufacturing, and transportation organizations, and law enforcement agencies in the United States. Storm-0501 attack flow The attacker gains access to cloud environments by exploiting weak credentials and taking advantage of privileged accounts, with the goal of stealing data and executing a ransomware payload. Microsoft explains that the Storm-0501 obtains initial access to the network with stolen or purchased credentials, or by exploiting known vulnerabil